You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@hadoop.apache.org by Masatake Iwasaki <iw...@apache.org> on 2022/06/10 16:03:08 UTC
CVE-2021-37404: Apache Hadoop: Heap buffer overflow in libhdfs native library
Severity: important
Versions affected:
2.9.0 to 2.10.1, 3.0.0 to 3.1.4, 3.2.0 to 3.2.2, 3.3.0 to 3.3.1
Description:
There is a potential heap buffer overflow in libhdfs native code.
Opening a file path provided by user without validation may result in
a denial of service or arbitrary code execution.
Mitigation:
Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or upper.
Credit:
This issue was discovered by Igor Chervatyuk.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@hadoop.apache.org
For additional commands, e-mail: general-help@hadoop.apache.org